Ruby China

安全 Shellshock 第三弹?

hooopo · September 28, 2014 · Last by hooopo replied at June 02, 2016 · 3717 hits

http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html?m=1

验证:

foo='() { echo not patched; }' bash -c foo

是不是要把升级 bash 命令加到 cron 里才能安心放假:

sudo apt-get update && sudo apt-get install bash
Rei #3 September 28, 2014

虽然不是很懂,升级就对了

tony612 #5 September 28, 2014

还有 CVE-2014-7186 和 CVE-2014-7187 http://en.wikipedia.org/wiki/Shellshock_(software_bug)#CVE-2014-7186_vulnerability_details (原链接拷过来格式会乱)

You need to Sign in before reply, if you don't have an account, please Sign up first.